Trustwave SpiderLabs is among the most well-respected teams in the cybersecurity industry, having gained a reputation for conducting cutting-edge research, plying the foggy corners of the darkweb for information, and detecting and hunting down threats. What is less well known is how Trustwave’s SpiderLabs’ various teams’ function and then pull together to create the formidable force that is the backbone of all Trustwave’s offerings.

While the focus on Environmental, Social, and Governance (ESG) issues has gained traction in recent years, both within boardrooms and investment spaces, the focus on carbon credits and workforce diversity has diverted the existential crisis that companies face from cybersecurity. Just as carbon is the byproduct of the third industrial revolution, cybersecurity is the byproduct of the fourth industrial revolution that we continue to live through.

The updated ISO 27002 adds 11 new controls spanning a range of security services, including the addition of threat intelligence control 5.7. The ISO 27000 series is an industry standard that has long defined and dictated base-level requirements for organizations’ information security management systems (ISMS). Through more than a dozen standards, the framework helps organizations demonstrate management commitment to their ISMS as they regularly review and improve their systems and procedures.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. A bumper announcements of breaches this past week. The earlier one being continual woes at Twitter not helped by this announcement and inevitable fallout.

The Telecom Regulatory Authority of India (TRAI), the government’s telecom authority, would implement a caller identification system similar to other caller ID applications on the app store within the next three weeks. The new system will employ KYC verification to guarantee that callers’ identities are real and aren’t forged with synthetic identities.

The global research firm, Forrester, recently published its latest Forrester Tech Tide™(1) focused on twenty technologies that underpin Zero Trust threat prevention. By analyzing business value and maturity of each technology , Forrester zeroed in on six in which they recommended businesses invest.

The evolution of application design and cloud-native technologies means that developers can no longer rely on traditional authentication and authorization methods to be effective. While new standards for authentication already exist and are easily implemented, authorization remains a challenge, especially in a fast-paced, dynamic cloud environment. One method of solving this issue is to externalize authorization, allowing policy management to be decoupled from the application itself.

Roles make it easier to grant and revoke privileges for users of a relational database. Rather than managing privileges for each user individually, you manage privileges for each role and all changes apply to all users who are assigned that role. Organizations often create multiple roles to suit their unique needs. However, most databases come with a pre-defined role called PUBLIC. In this blog, we explain what the PUBLIC role means in Oracle and key best practices for using it.

Unconstrained delegation represents a serious cybersecurity risk. By taking steps to abuse the Active Directory delegation controls applied to user and computer objects in an AD environment, an attacker can move laterally and even gain control of the domain. This blog post explores this area of attack (unconstrained delegation) and offers security teams and administrators effective strategies for mitigating this security risk.

Every wise software developer and publishing firm knows the importance of a code signing certificate for their executables, codes, and scripts. For the uninitiated, code signing helps give your software a mark of genuine and trusted publisher for users to download and install. Moreover, it safeguards your executables with a digital signature and alerts users if they are altered or modified after signing.